With its Deception and Response Platform, Attivo Networks addresses the main weakness of most deception technology: having to rely on other programs to respond to an attack once the deception network has revealed it.
Deception technology, deploying fake assets inside real networks to trick and catch attackers, shows an incredible amount of promise within cybersecurity as the technology grows. Even as hackers learn to expect that deception assets will be hidden among their targets, deception tools seem more than capable of keeping one step ahead. So long as the deceptive assets are supported with lures and breadcrumbs on production systems to make them look real, attackers will inevitably wander into the traps and reveal themselves.
However, not everything is perfect in the world of deception. Most of the programs in the market today, while very good at alerting to the presence of an attacker, do nothing in terms of remediation of the problem – other than perhaps to offload that responsibility to another program or to humans working a network SIEM module. In many ways, they end up being like the dog chasing cars in that old story, putting a ton of effort into catching their quarry, but almost no thought into what to do once they have successfully latched on.
The Attivo Deception and Response Platform aims to change all that, adding native and even automatic response capabilities to its already powerful deception frontend. This is coupled with other powerful tools and applications like internal sandboxing, ransomware protection, user training and even phishing sample submissions, all supported by robust, accurate deception.
Deploying Attivo
The Attivo platform is divided into four components: BOTsink, ThreatStrike, ThreatPath and ThreatOPs. Together they form the complete detection and response capabilities: deploying decoys and making them look like real clients, protecting credentials and preventing ransomware outbreaks, plotting the attack paths of attackers and blocking them from reentering a network once purged, and tracking everything in a ticketing system suitable for confirmation checking or auditing. But it all starts with deploying deception.
The platform is normally deployed on-premises as an appliance, though a cloud version is also available. (Our test was done with a physical server.) Each appliance can support up to 384 deception devices, which can take on the capabilities and configurations of real network assets like servers and clients, or even ones that are specific to certain industries like infusion drug pumps in healthcare or point of sale devices in retail. You simply load up the golden image for the device you want to deceptively replicate and have it deployed in a network in such a way as to mirror other real assets that it’s imitating. After that, decoys and lures are placed to make the deception points come alive and appear to be in constant use.